Description:
A technology that enables the detection of tampering of a program as the program executes for security applications.
Background:
Current computer systems are highly vulnerable to cyber-attack. The number of attacks and the financial losses due to those attacks has risen exponentially. Despite significant investments, the situation continues to worsen; novel attacks appear with high frequency and employ increasingly sophisticated techniques.
Technology Overview:
The present technology enables tampering of a program to be detected as the program executes. In particular, tampering of the code as it runs is detected efficiently. The authenticity of instructions is verified within the processor, concurrent with initial execution of the instructions. While a reference signature is accessed and verified, the instruction processing is not delayed. Thus, the verification proceeds in parallel with instruction execution. Advantageously, the execution pipeline for instructions is longer than the verification latency, so that in the event of a verification exception, instruction execution can be modified or preempted.
https://binghamton.technologypublisher.com/files/sites/photo-1477244075012-5cc28286e4651.jpeg
https://unsplash.com/photos/68ZlATaVYIo
Advantages:
- Fast validation of programs as they execute with very little performance overhead.
- Mechanism fits easily into existing hardware/software designs.
- Can use existing Trusted Platform Module (TPM) support to implement processor-internal storage for secret keys
Applications:
- Detection of malicious attempts to modify code.
- Ensures that only certified code can run and detect run-time tampering of such code.
- Permits trustworthy code to be distributed and used.
- Detects instruction corruption due to faults – permanent or transient
Intellectual Property Summary:
Patent rights available for licensing.